If the HISTFILE environment variable is set, the history file isn't ~/.bash_history but rather ${HISTFILE}.
– KarolosApr 3 '13 at 22:34

20

Entries are written into the history file when you exit the shell. Therefore, after entering a command that you'd like to remove, you need to either log out and back in, or use 'history -d xxxx' to remove them from the current shell session.
– harmicJan 24 '14 at 0:19

3

but how would you delete the record of editing the history file?
– chiliNUTJul 23 '14 at 19:54

To prevent a command from being added to the history in the first place, make sure that the environment variable HISTCONTROL contains among its colon-separated values the value ignorespace, for example (add e.g. to .bashrc):

$ export HISTCONTROL=ignorespace

This will prevent any command with a leading space from being added to the history. You can then clear the history completely by running

First of all, if the command you're about to issue is sensitive, unsafe, or you just don't need it cluttering up your history, it is best/quickest to just prevent it from entering the history in the first place. Make sure that $HISTCONTROL contains ignorespace:

If you don't want any history from your current session to hit the disk, exit using:

(bash)$ kill -9 $$

The approach so far is to not even let sensitive history items be written to disk for extra security, because in theory data deleted from non-volatile media can still be recovered.

If, however, the command(s) you wish to remove are from a previous session, they will have already been appended to the $HISTFILE on exit. Manipulating the history with the above commands will still only append the remaining new items to the $HISTFILE, on exit. To overwrite the $HISTFILE with the current session's view of the entire history, right now, issue:

(bash)$ history -w

Of course for history items already on disk, the alternative to editing the history with history -d commands then issuing history -w, is to edit the $HISTFILE with a text editor.

”Manipulating the history with the above commands will still only append the remaining new items to the $HISTFILE, on exit.” Actually, this isn't exactly true. It seems to only append remaining new items that ‘stick out’ from the original history length. E.g. If I remove 5 original items and add 15 new, only the last 10 new are appended, whereas I'd expect all 15 new to be appended. I think this is a bug because I can't see how this is ever desirable functionality.
– James HaighJun 19 '13 at 15:59

1

I guess bash takes note of the original length. On session close, it presumably appends items whose number is greater than this value. If this value was decremented every time an item is deleted whose number is less than or equal to this value, it would work as expected. ;-)
– James HaighJun 19 '13 at 16:06

Prevent sensitive information from being stored in the history file

If you've entered some password on a command line, then realize that all commands are logged, you could either:

Force exit the current session without saving history:

kill -9 $$

This will drop all current history.

Type ↑ (up arrow) in the open bash session until the sensitive information is shown, then use line editing keystrokes like Ctrl+W to delete the sensitive info, and then↓ (down arrow) until a new empty line is prompted, before typing Enter.

Delete sensitive information from the history file

If you realize that sensitive information is already stored, and you want to delete it, but not your entire history:

A simple sed command could do the job:

sed -e '/SeNsItIvE InFo/d' -i .bash_history

but, as you type this, you create another history line containing the search pattern (sensitive info) you are trying to delete. So you could:

sed -e "/$(head -n1)/d" -i .bash_history

This will run head -n1 with input from the terminal.
It will appear that your terminal is hung (there won't be a prompt);
just type the information that you want to delete from the file.
This is a trick to let you enter (part of) a command
without actually typing it into the command line,
thus making it ineligible for inclusion in the history record.
Then sed will use the text that you typed to search .bash_history
and delete all lines containing the sensitive info.
Note: if your sensitive information pattern contains slash(es),
you must escape them with backslashes,
or else change the sed command to use this syntax
to specify a delimiter that does not appear in the pattern:

sed -e "\|$(head -n1)|d" -i .bash_history

Another way could be to delete only the sensitive info, but keep the commands that contain the information. For this, you could simply replace sensitive info with substitute text of your choice:

Combining tricks from a related answer it should be possible to delete SeNsItIvE InFo and the sed command doing the deletion on the same line with something like sed -e '/SeNsItIvE InFo/d' -i .bash_history; history -d $((HISTCMD-1))
– S0AndS0Nov 2 '19 at 4:25

Actually, I believe that you must cursor up to the line, press Ctrl+U, and then cursor up or down to another line (possibly the blank one at the bottom of the list). Also, strictly speaking, the line hasn't been substituted with an asterisk. Rather, the command has been erased, and the history number has been appended with a *.
– G-Man Says 'Reinstate Monica'Apr 1 '15 at 16:47

2

This becomes much more powerful with Ctrl+R (reverse incremental history search), then e.g. [End], Ctrl+U
– seheJun 15 '15 at 12:13

Function should be typically added to $HOME/.bashrc. To use the function imediatelly, you will need to have the file read again by your running shell (. $HOME/.bashrc). Then to delete e.g. commands 200-210 from history:

$ histdel 200 210

(Note: This question is among the top search results if you search for deleting a range of commands from bash history. So, while the above is more than what the question asks, it could be useful for some readers.)